diff --git a/src/internal.c b/src/internal.c
index 843ca18ba..8b0872605 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -21574,6 +21574,7 @@ static WC_INLINE int VerifyMacEnc(WOLFSSL* ssl, const byte* input, word32 msgSz,
         WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR);
         return VERIFY_MAC_ERROR;
     }
+    XMEMSET(verify, 0, WC_MAX_DIGEST_SIZE);
 
     ret  = ssl->hmac(ssl, verify, input, msgSz - digestSz, -1, content, 1, PEER_ORDER);
     ret |= ConstantCompare(verify, input + msgSz - digestSz, (int)digestSz);
@@ -21596,7 +21597,7 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
     word32 digestSz = MacSize(ssl);
     byte   verify[WC_MAX_DIGEST_SIZE];
 
-
+    XMEMSET(verify, 0, WC_MAX_DIGEST_SIZE);
     if (ssl->specs.cipher_type == block) {
         pad = input[msgSz - 1];
         padByte = 1;